rails-nginx 1.0.0.pre.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 15c1730eca41e2227f246633756a27130a5e4c5bf87796a9a88893357be441a4
+  data.tar.gz: a372053d911522bf503522ebed38b8a2605bd91032541210a5ffd8092d02d88d
+SHA512:
+  metadata.gz: 83d060932d2b1c76be3081b280525e893f918e0d10350827e67add23352d0c0da1eb25a8d2ccfb7c3e47626154b4199000ef0913a0744952f5696b78b09f86f4
+  data.tar.gz: a4314d08cbb951387f5a20420187f91916f841aa355752e55180c11e2a66fd3e5042a6124630ab44302d0e8cfafeb02c3bbc0af6795af53fd384a625b3704f4b

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+## [Unreleased]
+
+## [1.0.0-alpha] - 2024-11-21
+
+- Initial release
+  - Added configuration delegation to ruby-nginx.
+  - Added Puma plugin.

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Bert McCutchen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,72 @@
+# Rails NGINX
+
+Automatically configure NGINX with SSL upon boot for Rails applications.
+
+1. ERB for NGINX configuration templating.
+2. Mkcert for SSL certificate generation.
+3. Tried and true NGINX for reverse proxying.
+
+This gem is intended to be an aid to your development environment. **Don't use this in production.**
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/M4M76DVZR)
+
+## Installation
+
+Install via Bundler:
+```bash
+bundle add rails-nginx
+```
+
+Or install it manually:
+```bash
+gem install rails-nginx
+```
+
+## Usage
+
+### config/puma.rb
+```ruby
+port ENV.fetch('PORT') { 3000 } unless Rails.env.development?
+
+plugin :rails_nginx if Rails.env.development?
+
+# All configuration is entirely optional, the following blocks are not required.
+rails_nginx_config(:primary) do |config|
+  config[:domain] = 'route1.spline-reticulator.test' # default eg. rails-app-name.test
+  config[:host] = '0.0.0.0' # default '127.0.0.1'
+  config[:root_path] = './public' # default `Rails.public_path`
+  config[:ssl] = false # default true
+  config[:log] = false # default true
+
+  # default location Rails.root + tmp/nginx/
+  config[:ssl_certificate_path] = './tmp/certs/_spline-reticulator.test.pem'
+  config[:ssl_certificate_key_path] = './tmp/certs/_spline-reticulator-key.test.pem'
+
+  # default location Rails.root + log/nginx/
+  config[:access_log_path] = './log/route1.nginx.access.log'
+  config[:error_log_path] = './log/route1.nginx.error.log'
+end
+
+# You can define multiple configurations and all will be created on puma boot.
+rails_nginx_config(:secondary) do |config|
+  config.merge!(rails_nginx_config(:primary))
+
+  config[:domain] = 'route2.spline-reticulator.test'
+  config[:access_log_path] = './log/route2.nginx.access.log'
+  config[:error_log_path] = './log/route2.nginx.error.log'
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/bert-mccutchen/rails-nginx.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/puma/plugin/rails_nginx.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require "puma/plugin"
+require_relative "../../rails/nginx"
+
+# The Puma team recommends this approach to extend the Puma DSL.
+# @see https://github.com/puma/puma/discussions/3173
+module Puma
+  class DSL
+    def rails_nginx_configs
+      @rails_nginx_configs ||= {}
+    end
+
+    def rails_nginx_config(name = :primary)
+      rails_nginx_configs[name] ||= {}
+      yield rails_nginx_configs[name] if block_given?
+      rails_nginx_configs[name]
+    end
+  end
+end
+
+# The Rails server command's port will override ENV['PORT'] out of the box.
+# However, Rails itself does not reasign back to ENV['PORT'].
+def rails_port!
+  rails_port = Rails::Command::ServerCommand.new([], ARGV).options[:port]
+  ENV["PORT"] = rails_port.to_s if rails_port
+end
+
+Puma::Plugin.create do
+  def config(puma_config) # rubocop:disable Metrics/MethodLength
+    rails_port!
+
+    puma_config.port Rails::Nginx.port
+
+    puma_config.on_booted do
+      if puma_config.rails_nginx_configs.empty?
+        Rails::Nginx.start!
+      else
+        puma_config.rails_nginx_configs.each_value do |options|
+          Rails::Nginx.start!(options)
+        end
+      end
+    end
+
+    puma_config.on_restart do
+      if puma_config.rails_nginx_configs.empty?
+        Rails::Nginx.stop!
+        Rails::Nginx.start!
+      else
+        puma_config.rails_nginx_configs.each_value do |options|
+          Rails::Nginx.stop!(options)
+          Rails::Nginx.start!(options)
+        end
+      end
+    end
+
+    if defined?(puma_config.on_stopped) # rubocop:disable Style/GuardClause
+      puma_config.on_stopped do
+        if puma_config.rails_nginx_configs.empty?
+          Rails::Nginx.stop!
+        else
+          puma_config.rails_nginx_configs.each_value do |options|
+            Rails::Nginx.stop!(options)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails/nginx/nginx.conf.erb

@@ -0,0 +1,104 @@
+# Generic and NGINX configuration file for a Rails application.
+# https://www.digitalocean.com/community/tools/nginx
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+map $remote_addr $proxy_forwarded_elem {
+    # IPv4 addresses can be sent as-is
+    ~^[0-9.]+$        "for=$remote_addr";
+
+    # IPv6 addresses need to be bracketed and quoted
+    ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
+
+    # Unix domain socket names cannot be represented in RFC 7239 syntax
+    default           "for=unknown";
+}
+
+map $http_forwarded $proxy_add_forwarded {
+  # If the incoming Forwarded header is syntactically valid, append to it
+  "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
+
+  # Otherwise, replace it
+  default "$proxy_forwarded_elem";
+}
+
+upstream <%= name %> {
+  server 127.0.0.1:<%= options[:port] %> fail_timeout=0;
+}
+
+server {
+  listen                      80;
+  server_name                 <%= options[:domain] %>;
+  root                        <%= options[:root_path] %>;
+  try_files $uri/index.html $uri @<%= name %>;
+
+  <% if options[:ssl] %>
+  # ssl
+  listen                      443 ssl;
+  http2                       on;
+  ssl_certificate             <%= options[:ssl_certificate_path] %>;
+  ssl_certificate_key         <%= options[:ssl_certificate_key_path] %>;
+  <% end %>
+
+  <% if options[:log] %>
+  # logging
+  access_log                  <%= options[:access_log_path] %> combined buffer=512k flush=1m;
+  error_log                   <%= options[:error_log_path] %> warn;
+  <% end %>
+
+  # ect.
+  large_client_header_buffers 4 16k;
+  client_max_body_size        4G;
+  keepalive_timeout           75s;
+
+  # reverse proxy
+  location @<%= name %> {
+    proxy_pass                         http://<%= name %>;
+    proxy_http_version                 1.1;
+    proxy_cache_bypass                 $http_upgrade;
+
+    <% if options[:ssl] %>
+    # proxy SSL
+    proxy_ssl_server_name              on;
+    <% end %>
+
+    # proxy headers
+    proxy_set_header                   Host $host;
+    proxy_set_header Upgrade           $http_upgrade;
+    proxy_set_header Connection        $connection_upgrade;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header Forwarded         $proxy_add_forwarded;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host  $host;
+    proxy_set_header X-Forwarded-Port  $server_port;
+  }
+
+  location ^~ /assets/ {
+    proxy_pass                         http://<%= name %>;
+    proxy_http_version                 1.1;
+    proxy_cache_bypass                 $http_upgrade;
+
+    <% if options[:ssl] %>
+    # proxy SSL
+    proxy_ssl_server_name              on;
+    <% end %>
+
+    # proxy headers
+    proxy_set_header                   Host $host;
+    proxy_set_header Upgrade           $http_upgrade;
+    proxy_set_header Connection        $connection_upgrade;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header Forwarded         $proxy_add_forwarded;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host  $host;
+    proxy_set_header X-Forwarded-Port  $server_port;
+
+    add_header Cache-Control               public;
+    add_header Access-Control-Allow-Origin *;
+  }
+}

data/lib/rails/nginx/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Rails
+  module Nginx
+    VERSION = "1.0.0-alpha"
+  end
+end

data/lib/rails/nginx.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "socket"
+require "ruby/nginx"
+
+module Rails
+  module Nginx
+    class Error < StandardError; end
+
+    def self.port
+      ENV["PORT"] ||= Addrinfo.tcp("127.0.0.1", 0).bind { |s| s.local_address.ip_port }.to_s
+    end
+
+    def self.start!(options = {}, &block)
+      return unless rails_server?
+
+      config = Ruby::Nginx.add!(options.reverse_merge(defaults(options)), &block)
+
+      puts start_message(config.options) # rubocop:disable Rails/Output
+    end
+
+    def self.stop!(options = {}, &block)
+      return unless rails_server?
+
+      Ruby::Nginx.remove!(options.reverse_merge(defaults(options)), &block)
+    end
+
+    private
+
+    def self.rails_server?
+      defined?(Rails::Server)
+    end
+    private_class_method :rails_server?
+
+    def self.defaults(options)
+      domain = options[:domain] || "#{Rails.application.class.module_parent.name.underscore.dasherize}.test"
+
+      {
+        domain: domain,
+        port: port,
+        root_path: Rails.public_path,
+        ssl: true,
+        log: true,
+        ssl_certificate_path: Rails.root.join("tmp/nginx/_#{domain}.pem"),
+        ssl_certificate_key_path: Rails.root.join("tmp/nginx/_#{domain}-key.pem"),
+        access_log_path: Rails.root.join("log/nginx/#{domain}.access.log"),
+        error_log_path: Rails.root.join("log/nginx/#{domain}.error.log")
+      }
+    end
+    private_class_method :defaults
+
+    def self.start_message(config)
+      message = ["* Rails NGINX version: #{Rails::Nginx::VERSION}"]
+      message << "*       HTTP Endpoint: http://#{config[:domain]}"
+      message << "*      HTTPS Endpoint: https://#{config[:domain]}" if config[:ssl]
+      message << "*          Access Log: #{config[:access_log_path]}" if config[:log]
+      message << "*           Error Log: #{config[:error_log_path]}" if config[:log]
+      message << "* Upstreaming to http://#{config[:host]}:#{config[:port]}"
+      message.join("\n")
+    end
+    private_class_method :start_message
+  end
+end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: rails-nginx
+version: !ruby/object:Gem::Version
+  version: 1.0.0.pre.alpha
+platform: ruby
+authors:
+- Bert McCutchen
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2024-11-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-nginx
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Automatically configure NGINX with SSL upon boot for Rails applications.
+email:
+- mail@bertm.dev
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/puma/plugin/rails_nginx.rb
+- lib/rails/nginx.rb
+- lib/rails/nginx/nginx.conf.erb
+- lib/rails/nginx/version.rb
+homepage: https://github.com/bert-mccutchen/rails-nginx
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/bert-mccutchen/rails-nginx
+  source_code_uri: https://github.com/bert-mccutchen/rails-nginx
+  changelog_uri: https://github.com/bert-mccutchen/rails-nginx/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key: 
+specification_version: 4
+summary: Automatic NGINX+SSL configuration for Rails.
+test_files: []